Find a Question:

After Friday attacks world is preparing for a new version of the WannaCry ransom virus

May

15

2017

Security experts warn that a new version of Wana Krai has emerged over the weekend.
Google + LinkedIn Facebook Twitter
As the world prepares to start the new week, companies and governments around the world prepare for a second round of cyber attacks, following the WannaCry attacks on Friday.

Indeed, security experts warn that a new version of Wana Krai has emerged over the weekend that it does not contain the “killer switch” protocol, which stopped the initial version of cyber attacks late on Friday.

The National Cyber ​​Security Center in the United Kingdom issued a new warning Sunday on the possibility of another attack. This means that with the start of a new working week, in the UK and elsewhere, it is likely that other cases of ransom attacks may arise again, perhaps on a large scale.

The New York Times reported that some security industry observers say the second wave of attacks has already begun. Matt Sooch, the founder of Comay Technologies, wrote about some of the new versions of the ransom software that security experts find on the Internet.

“Today (14 May 2017), two new versions have emerged. The first works and you have blocked it by registering the new domain name, and the other works partly because it only spreads and does not encrypt files because of a corrupted archive. ”

Shosh added that a new version of the malicious software that does not include the protocol “killer switch” discovered by Kaspersky Lab, but is currently working in part because the archive of the software is corrupted.

It is noteworthy that a global electronic attack, using piracy tools believed to have been developed by the US National Security Agency (NSA), hit tens of thousands of computers in nearly 100 countries, which led to the disruption of the British health system and the international shipping company “FedEx” FedEX .

In the attack, which was described as the world’s largest ransom attack of all time, the pirates pounced on the victims and opened them with attachments containing malicious software sent with spam, such as invoices, important offers, security warnings and other legitimate files.

After opening malicious software, which belongs to the ransom software, it encrypted data on computers, asking victims to pay ransom ranging from 300 to 600 dollars to restore access to encrypted data.

Most of the devastating attacks were reported in Britain, where hospitals and clinics were forced on Friday to dispense with patients after they lost access to their computers. International shipping company FedEx said some of its Windows machines were also infected. “We are taking remedial measures as soon as possible,” she said in a statement.

Private security companies have identified the ransom software used as a new version of WannaCry, which has the ability to automatically spread over large networks by exploiting a known vulnerability in Microsoft’s Windows operating system.

Researchers from several private cybersecurity companies said the hackers, who were not recognized or claimed to be responsible for the attack, may have made their software a “worm” or self-propagating malware by exploiting part of the code developed by the US National Security Agency Eternal Blue, was published online last month by a group of hackers known as shadow brokers.

For its part, Microsoft said it has launched an automatic update of Windows to protect its customers from WannaCry software. Last March, it launched an update to protect users from the Eternal Blue vulnerability.